Category Archives: cisco secure remote worker

Your Network Has Left the Building – How do you secure it?

Your network has left the building. It’s no longer sitting in the server room down the hall where you can keep an eye on it. And it’s no longer safely tucked behind your corporate firewall. Instead, it’s in the cloud. It’s inside your users’ smartphones. And especially now, your corporate network is in people’s homes.

Today’s security teams have to mind various areas of their network and cloud infrastructure, remote users and endpoints, and applications running everywhere in order to remain secure. And as soon as new technology is developed or widely used, attackers find ways to take advantage of it – making security vigilance even more critical.

In our recent 2020 CISO Benchmark Study, we asked security professionals which areas of their environment they find most challenging to defend. According to the study:

  • 52% find mobile devices and data stored in the public cloud very or extremely challenging to defend
  • 50% find private cloud infrastructure very or extremely difficult to defend
  • 41% find data centers and network infrastructure very or extremely difficult to defend
  • 39% say they are really struggling to secure applications

While the moves to mobile and cloud seem to pose the biggest challenges, the data shows that the rest of your security concerns haven’t gone away either.

So how do you do it all?

How do you protect some of the newer technologies that have become part of your environment while still paying attention to things like your traditional data center and network infrastructure to make sure they are not breached? And how do you do this amidst unprecedented remote worker hurdles and a dramatic shortage of skilled cybersecurity professionals? Here are some examples of how Cisco can help you protect the challenge areas outlined above.

Mobile

In order for security to work, it has to work across all the devices your employees are using. Cisco’s endpoint security combines a variety of security technologies to make sure your users’ mobile devices are protected, and in turn, do not compromise the corporate network. For example, Cisco AnyConnect and Cisco Duo enable users to securely access your network or applications using managed or unmanaged, mobile or traditional devices. And Cisco Umbrella and Cisco AMP for Endpoints defend these devices against threats from the first line to the last line of defense.

In response to current challenges, we have also launched the Cisco Secure Remote Worker solution to help organizations address the recent rise in remote and mobile workers. The intent is to better enable IT and security teams to quickly provision remote workers without sacrificing cybersecurity. The offering includes extended free trials and expanded usage counts to help alleviate today’s tremendous IT and security demands. Learn more about how this offering can enable secure access for a distributed workforce and help you defend against malware across the network, endpoints, cloud, and applications.

Cloud

Cisco’s cloud security protects your assets and data in the cloud from multiple angles. It helps secure private, public, and hybrid clouds to facilitate your transition to a multicloud environment. With Cisco’s cloud edge security, you can: 1) secure cloud access, 2) protect cloud users, data, and applications, and 3) extend in-depth visibility and threat detection into the cloud.

Data Center

Today’s application workloads are more dynamic, moving across on-prem and multicloud environments. This requires a new strategy for data center security that can protect workloads wherever they go. The Cisco Secure Data Center solution provides several layers of security through in-depth visibility, segmentation, and threat protection. The solution brings together key technologies that let you see, segment, and secure your data as it travels across your environment and into the cloud.

Applications

Related to data center security is application security. Cisco’s application security brings continuous, adaptive protection closer to your applications to give you greater insight and control over what is running in your environment. The security follows your applications to ensure protection without hindering productivity and innovation. This allows you to understand application behaviors, automate micro-segmentation, and use security analytics to speed detection.

Network

Perhaps the trickiest area to summarize is network security due to the ever-expanding components that make up today’s “network.” You need a next-generation firewall that can keep up with your expanding infrastructure and sophisticated attackers. You need a way for authorized users to securely connect to the network. And once they’re logged in, you need multiple layers of protection to prevent them from abusing their privileges or being compromised by malware.

Bringing it all together

While we secure many areas of the corporate environment, we don’t do so in silos. Our security products all work together – and with the customer’s infrastructure, including third-party technologies – to provide more cohesive, automated defenses. By taking a platform approach to security, Cisco SecureX results in greater visibility, collaboration, and protection across all threat vectors, access points, and areas of your infrastructure. This reduces complexity while enabling a zero-trust security strategy.

For more information

Explore our entire security portfolio and review the 2020 CISO Benchmark Report for more information on how to protect various areas of your environment.

This post is part of a series covering topics and data from our 2020 CISO Benchmark Report. Read previous posts here, and be sure to check back soon for more!

The post Your Network Has Left the Building – How do you secure it? appeared first on Cisco Blogs.

Firewalling and VPN in the Remote Work Era

A cloud firewall vendor recently argued that the U.S. Cybersecurity and Infrastructure Security Agency (CISA) is “sounding the alarm around VPN security.” That scary-sounding statement is incorrect. It may get clicks, but it doesn’t benefit security practitioners protecting data and remote workers.

The U.S. Government is not sounding an alarm about VPNs. Rather, it is acknowledging the importance of security best practices in work-from-home operations. CISA’s recent VPN guidance recommends good security hygiene. Like security patching. And multi-factor authentication, to establish user identity before VPN access is granted. While those recommendations bear repeating, they are not new.

Even prior to the Covid-19 pandemic, global VPN use was rising. Cisco AnyConnect VPN is the world’s most widely used enterprise remote access VPN. AnyConnect supports smartphones, laptops, kiosks, and more. It is proven in both small offices and enterprises with over 100,000 users.

For years, Cisco has provided organizations with innovative solutions for secure connectivity. Only Cisco couples:

  • VPN scalability
  • Firewall reliability
  • Cisco Duo’s multifactor authentication
  • Cisco Umbrella’s DNS-based security that protects users, even when they’re off the VPN.

Additionally, many Cisco AnyConnect customers use its split-tunneling features. By policy, traffic can be split on-or-off VPN by application, or Cisco’s patented, DNS-based, Dynamic Split Tunneling (DST). DST can exclude low-risk browser traffic (like videoconferencing) from the VPN tunnel, maximizing VPN efficiency and network performance while lowering costs. Another AnyConnect differentiator is that it can natively assess endpoint posture (e.g., validating endpoint security software is up-to-date) before granting VPN access.

Additionally, Cisco has invested heavily in software-defined networking, SD-WAN, and security tools enabling zero-trust frameworks. Cisco is a bridge for organizations evolving their security posture to a zero-trust model. In fact, last year we were named a leader in the Forrester Wave Report for zero-trust.

Seeing a pattern? Cisco security has a depth of capabilities to meet diverse needs. Nowhere is that more evident in Cisco’s security portfolio than firewalling. Years ago, firewall only meant appliance. Today what’s most important is firewalling — intelligent control points everywhere — cloud-delivered Secure Access Service Edge (SASE), physical, virtual, and even workload-centric.

Cisco calls this flexible and comprehensive firewalling vision the future of firewall. Our approach protects multiple environments: traditional, micro-segmented, cloud, and de-perimiterized networks — as well as SaaS-delivered applications and micro services. Firewalling where you need it, unified with consistent policies, visibility, and threat correlation between endpoint and network security tools.

Firewalling is also foundational to Cisco’s recently-announced open platform approach to security. Our platform tools, like Cisco SecureX, integrate with our security products. They are not extra costs. SecureX reduces security complexity and shrinks administration time. For instance, based on load, SecureX can automate virtual firewall provisioning to grow remote access VPN capacity on demand. Additionally, our open platform unifies Cisco security tools and extends integration with third-party capabilities. The result is rapid identification, fencing, and remediation of incidents.

Returning to U.S. Government cyber news, the Trusted Internet Connections (TIC) 3.0 initiative’s Interim Telework Guidance grants government agencies greater flexibility for using SASE, Cloud Access Security Broker (CASB), and SD-WAN technologies. The acceptance of these new capabilities recognizes the rapid growth of roaming users, remote locations, and SaaS applications. It also acknowledges that backhauling all traffic via VPN to a head office is not always relevant, or practical.

It’s fun to read controversial statements about security. But it’s better to thoughtfully manage risk on your terms. For resources regarding security and connectivity using Cisco’s platform approach, please see these references:

Verify and secure your users:

Our firewalling and VPN solutions:

Platform tools included with all our security solutions:

Cisco SD-WAN:

The post Firewalling and VPN in the Remote Work Era appeared first on Cisco Blogs.